Scammers Steal Over $1 Million Worth of Ethereum From Bee Token ICO Participants

Hundreds of users fell victims to email scams over the past week, sending over $1 million worth of Ethereum to a scammer who sent fake emails posing as the Bee Token ICO (Initial Coin Offering).

The Bee Token ICO started on January 31 and ended on February 2, when the Bee team shut down the ICO after raising the $5 million they wanted to build their product, a blockchain-based house rental application, a-la Airbnb.

Not Bee's fault. Users fell to a basic email scam.

During the time the Bee Token ICO was going on, a scammer was sending emails posing as the Bee team and urging users who wanted to buy Bee Tokens to send Ethereum to wallets under his control.

The Bee team became aware of this issue pretty soon into its ICO, and sent out three security alerts [1, 2, 3], informed people that the ICO was taking place via its website alone, and even created a Google Form to allow users to report scams.

Despite the constant alerts from the Bee team, people kept falling for the fake emails, which were sent from addresses like: "ico.beetoken.421837378324190333.crowd.ico@fortumo.com."

The scammer used multiple wallet addresses to receive funds from tricked users. Bleeping Computer was able to track down three of such wallets — 1, 2, 3— but there were multiple others shared online, but the full addresses were edited.

The three wallets contained over $1 million when the Bee Token ICO ended on Friday, but it is believed the hacker made off with even more money.

Similar incident happened a week before

Last week, another (or maybe the same) scammer tricked users participating in the Experty ICO into sending funds worth over $150,000.

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.

Comments

I was hacked on 26 january after i start my verification for Experty. I also received an email that said that the their data base was hacked. And it was stolen all my coins i had in mew. I can see the transactions where they gone. Where to report this? If no one can take measures then many of us will retrace from crypto because its not safe.